kcd at daimlerchrysler.com
Tue Feb 5 23:48:25 UTC 2002
In BIND 9, there is an "update-policy" configuration element which gives
somewhat more fine-grained control over what records in a zone can be
updated dynamically and what records cannot, or by whom (identified by
signing key). However, beyond a certain point, it would be difficult to
maintain all of the ACLs and/or keys sanely.
Another approach is to make the relevant names separate zones (i.e. delegate
them). Then you could use plain old "allow-update" to control access. This
approach would work with BIND 8 as well as BIND 9. However, it could be just
as hard, or even harder, to maintain all of those zone definitions, and it
is an incomplete solution at best, since some of the records may not be
delegatable (e.g. zone-apex names, aliases, etc).
Schelstraete Bart wrote:
> I have 2 questions (again:), and maybe somewhone can help me....
> 1) Is it possible to 'restrict' deletion of entry in de dynamic domain?
> For example:
> I have a domain, that's update dynamically. But there
> are a few entry's in that domain that may not (never) be deleted.
> Is it possible to tell BIND that he may not accepts
> updates/deletions for those entry's?
> 2) Is is possible in BIND to deny multple entrys in de dynamic domain?
> -- Binary/unsupported file stripped by Ecartis --
> -- Type: application/x-pkcs7-signature
> -- File: smime.p7s
> -- Desc: S/MIME Cryptographic Signature
More information about the bind-users